[jira] [Updated] (CONFIGURATION-854) Version 2.12.1 Missing from Maven Central

Wed, 22 Oct 2025 11:47:37 -0700 


     [ 
https://issues.apache.org/jira/browse/CONFIGURATION-854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Barry Caceres (Senzing) updated CONFIGURATION-854:
--------------------------------------------------
    Description: 
CVE-2025-48924 was reported against dependency commons-lang3 version 3.17.0 and 
this dependency was supposedly fixed in July 2025 according to 
https://issues.apache.org/jira/browse/CONFIGURATION-853

 

According to the release notes there is a version 2.12.1 that includes this 
fix, but that release has no date assigned to it (it shows YYYY-MM-DD 
placeholder).

See: [https://commons.apache.org/proper/commons-configuration/changes.html]

Just need this version 2.12.1 made available on Maven Central.

  was:
CVE-2025-48924 was reported against dependency commons-lang3 version 3.17.0 and 
this dependency was supposedly fixed in July 2025 according to 
https://issues.apache.org/jira/browse/CONFIGURATION-853

 

According to the release notes there is a version 2.12.1 that includes this 
fix, but that release has no date assigned to it (it shows YYYY-MM-DD 
placeholder).

 

Just need this version 2.12.1 made available on Maven Central.


> Version 2.12.1 Missing from Maven Central
> -----------------------------------------
>
>                 Key: CONFIGURATION-854
>                 URL: https://issues.apache.org/jira/browse/CONFIGURATION-854
>             Project: Commons Configuration
>          Issue Type: Bug
>          Components: Build
>    Affects Versions: 2.12.0
>            Reporter: Barry Caceres (Senzing)
>            Priority: Major
>             Fix For: 2.12.1
>
>
> CVE-2025-48924 was reported against dependency commons-lang3 version 3.17.0 
> and this dependency was supposedly fixed in July 2025 according to 
> https://issues.apache.org/jira/browse/CONFIGURATION-853
>  
> According to the release notes there is a version 2.12.1 that includes this 
> fix, but that release has no date assigned to it (it shows YYYY-MM-DD 
> placeholder).
> See: [https://commons.apache.org/proper/commons-configuration/changes.html]
> Just need this version 2.12.1 made available on Maven Central.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to